SDN and NFV Era

There are no private, public or hybrid clouds—only islands of infrastructure to be consumed

by Juniper Employee ‎04-19-2017 07:04 PM - edited ‎04-20-2017 09:12 AM

At the root of John Boyd’s “OODA loop” methodology, there is the notion that we need to acknowledge and work with levels of “uncertainty”—gaps that result when applying established models to new and changing contexts[i]. Unfortunately, the networking community—desperate for operational stability—largely ignores these mismatches, designing network and security architectures as if they can dictate how applications are deployed.


Nothing is further from the truth.


While this trend started more than a decade ago, container technology is flipping the concept on its head.  Basic networking constructs, such as L2 connectivity deployed via overlay networks, are built directly into the container engine, giving developers complete control to deploy their applications without a courtesy call to the networking team.


Cloud providers have made it easier to move workloads to public infrastructure, and more organizations are writing applications specifically for this environment. Furthermore, application “availability” is no longer tied to the infrastructure stack. The difficulty of moving these applications out of these “cloud jails”[ii] when new offerings or economics dictate proves once again that networking and security are mere afterthoughts, behind ease of consumption and application development.


When applying traditional security models to clouds or containers (and, soon, serverless processes), it is quickly apparent that notions like perimeters, enforcement points, and correlation are very different from what has been done in the past.  When you factor in location (as in “my data center” vs. “public provider”), the attack surface widens and diversifies.


Application development teams have outflanked the entire IT organization, exposing the shortcomings of static infrastructure and putting teams in a reactive position as the level of management complexity grows. These new applications must share data securely with legacy systems that will take years to transition to the cloud-native format.


How do we respond to dynamic, ever-changing network topologies and security needs? How can we provide consumable network services while maintaining a shared network infrastructure over which islands of infrastructure technologies can co-exist and share applications and data?







Blueprint for a network and security consumption layer

The solution lies in the introduction of an abstraction layer for network and security functions. This is what SDN and network virtualization are meant to deliver: a way to model and operate the underlying infrastructure in a traditional manner, in accordance with established engineering principles, while applications create and modify arbitrary topologies on top.


If network virtualization begins in the data center, however, it must extend its reach and federate uniformly across multiple infrastructure silos and sites, as well as any service providers’ clouds, and decouple from the underlying infrastructure. If a specific hardware component, hypervisor, or cloud provider is required, it will limit—or potentially eliminate—your network and application security options.


One solution, Contrail vRouter, interfaces directly with VMs and replaces the bridge in Docker engines or the proxy in Kubernetes environments, in your data center as well as in the public cloud, making it easy to move workloads in and out of silos and cloud providers.


Service-Aware Networking

One might think that a centralized approach to network virtualization would help federate silos and clouds. However, centralization presents its own set of challenges when different management layers, each with their own unique network and security constructs, interface with a common controller. Current implementations of this approach have met with limited success in simple use cases such as VMware deployments using native management tools like vRealize (vRA) or vCloud Director (vCD) in newer OpenStack environments.


Contrail lets operators implement a fully distributed architecture, providing each infrastructure silo with its own independent Contrail environment.  These Contrail environments share network and security information, allowing network services to be stitched across silos. A virtual network can be extended from a physical switch to a VM running under vRA and others under OpenStack, to a Docker container in the data center, to VMs or containers in the cloud of your choice—all with consistent services such as firewalling, NATing, routing, and load balancing.


One of the desired outcomes of network virtualization is that services and analytics be exposed not only to the application management layer, but also to higher-end network applications such as security orchestrators, correlation tools, and SD-WAN applications.  The goal is to move away from element management towards policy management. Information such as topology, addressing, location, traffic type, rates, sessions, and name space are collected at the source and exposed to these applications, providing extraordinary visibility and context for making informed path selection and security decisions.


Juniper’s Software-Defined Secure Network (SDSN) approach leverages information provided by the network virtualization layer about user intent policies across all domains. Together with the NorthStar SD-WAN controller and the AppFormix cloud operations optimization platform, these tools create a distributed, service-aware blueprint that is decoupled from the infrastructure, delivering consistent services across silos.





Get out of (cloud) jails

Application development has imposed new models, management, and orchestration approaches on the networking industry, not to mention basic constructs that are dynamic and arbitrary. Furthermore, while it was believed that one day all infrastructure would be unified under a single management scheme, the sad truth is that silos of non-interoperable stacks are here to stay, ready to impose network requirements we cannot anticipate.


Juniper’s blueprint, leveraging the Contrail network virtualization platform and service-level applications such as NorthStar and AppFormix with the SDSN approach, delivers a distributed network abstraction layer, easily consumed by any application development platform. Once the abstraction layer is in place, network engineering of the underlying network is not subject to the constraints and volatility of the application delivery technology and can deliver consistent network and security services across any type of infrastructure.


Juniper Networks has accepted the challenge of building networks that help businesses scale to accommodate ever-evolving requirements, helping network and security teams regain control over their network and services while still giving developers the agility they need.


How? Find out more by visiting Juniper at our Open Networking User Group 2017 Spring booth!

We’ll be presenting in the ONUG Software-Defined Security Services Working Group Update on April 25 from 2:05-2:50pm, and leading the Enhanced Security for Software Defined Networks session on April 26 at 10:15-10:30am.




[i] “Science, Strategy, and War” by Frans P.B. Osinga

[ii] Term coined by Avi Freedman and described in
